Today’s guest is Bryan Seely, a world famous cyber security expert, ethical hacker, author, keynote speaker, and former US Marine. He is known for intercepting calls to the US Secret Service and FBI. We chat about why and how he did it and surprisingly why he didn’t go to jail.
“I like educating people and making it funny. It is something I have credibility in and it is enough of a story to hook people in to educating people on cyber security.” - Bryan Seely Click To TweetShow Notes:
- [0:48] – Bryan shares his background, what he does now, and what he is famous for.
- [2:10] – To show how easily hacked and manipulated Google Maps was, Bryan changed the names of locations which didn’t get their attention.
- [4:03] – At the time, the FBI didn’t know that Bryan wiretapped them. Bryan explains how this was an issue and how he let them know.
- [6:14] – They didn’t believe him and he explains how he proved it and what the major problems with their communications were.
- [8:03] – At no point was Bryan arrested, but he had to show how he managed to wiretap them.
- [10:00] – Bryan managed to record 40 calls.
- [11:26] – Because he had no ill intent, he told them what he was doing and how he did it to help prevent it happening by others, Bryan was not charged.
- [13:24] – Technically, Bryan didn’t do anything that wasn’t possible for anyone else to do. He didn’t hack a system, but rather saw a logic flaw.
- [15:51] – There wasn’t technically anything wrong. It was just designed in a way that could easily be exploited.
- [18:50] – The cost of just letting people know about a breach is high.
- [20:44] – Bryan believes that companies should be honest about breaches and what they will do to fix the problem.
- [23:41] – We don’t intentionally broadcast our information or location, but it is easy to guess in many cases.
- [24:57] – There are little things that we do that we think are protecting us but are actually giving out more information than we should.
- [27:26] – Bryan shares some tips in keeping you protected, like turning off Bluetooth and wifi on your phone.
- [28:36] – Anyone can create a wifi network and name it anything, like Starbucks Wifi or Free Airport Wifi to make it easy to have people connect.
- [30:47] – Teach your kids how to be safe.
- [31:42] – Bryan primarily uses authenticator apps for MFA, but any kind is helpful.
- [35:20] – Bryan is currently writing another book and loves meeting people who have done great things for cyber security education.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Bryan Seely Home Page
- Bryan Seely LinkedIn
- Bryan Seely on Twitter
Transcript:
Bryan, thanks so much for coming on the Easy Prey Podcast today.
Thanks, Chris. Pleasure to be here.
Glad to have you here. Can you give the audience a little background about who you are and your background, and then we're just going to do a deep dive into your psyche?
I'm a fairly open book, but maybe save that for a day that you got nothing better to do. My name is Bryan Seely. I'm a cybersecurity expert, ethical hacker. I do a lot of public speaking now. I'm trying to educate consumers or companies on the dangers that are out there, and try to do things in a funny way. I wrote a book that's both the worst and the best book on the subject because it's the only one on the subject.
There you go.
On map-hacking and how people manipulate Google Maps, Bing Maps, and Yelp. That was a decade ago. I am famous for wiretapping the Secret Service and the FBI without permission. In case someone hasn't figured that out yet, it's a bad idea.
What made you want to do that? Not the book, but what made you want to wiretap the government?
Poor judgment. There's a moment of defiance because I was trying to get Google to fix an issue and show them how serious the problem was. I built a bunch of funny business listings to try and call attention. I changed the concentration camp in North Korea.
I added a spot on the map for it to Super Mega Fun Time Happy Land. It’s a South Park joke. I renamed the Church of Scientology, the Mormon temple, Christian church. I made them all comedy clubs. I made the Russian Embassy in the UK a gay bar, so I'm not allowed in Russia, it’s safe to say. And then I put Edward Snowden's secret hiding place on the White House lawn. On camera with KOMO News here in Seattle, I changed the Library of Congress to the Zoolander School of Kids Who Can't Read Good.
I know that reference.
That was funny. That didn't really get their attention, so I thought about it like, “Could I take this further and, actually, what are the motivating factors in crime or anything really?” Power, money. Power comes with control or blackmail, so could I get information about something by using these techniques, like maybe a law firm, presidential candidate, bank, law enforcement? Then it just spiraled.
The train of thought went straight down the toilet. I thought, Secret Service, Washington, DC, because why not? That's scary, and FBI in San Francisco because I had been watching The Rock recently. And why not? I did that, and it works really well and works really fast.
How quick before they found out?
They didn't find out; I called the FBI. It's going to be difficult for them to find out because it's not a property that they have control over. Everyone submits their business information and outsource fashion to Google and all these other sites. We trust Google to give us the results that are the most accurate, and that's been the case for so long. I could change who that person was on the map without you even knowing with a phone number that routes to the same people, but I can now record the call in the middle.
I walked into the Secret Service office after the FBI hung up on me and said, “Hey, I wiretapped you guys. I know that's a really bad idea, but it's already done. I wanted to fill you in on why this is a big problem.” They're like, “Ah, OK. We'll look into it.”
Is it because you weren't a target of an investigation that they just didn't take it seriously?
It could have been that. It could have been like, “This guy's crazy.” They treated me like a tinfoil hat nut job because it sounds pretty fantastic. Why would you just walk in? That's probably the thing that saved me out of any of it. They didn't catch me. They wouldn't have caught me in any reasonable amount of time.
The only way somebody would have caught me is if they had gone on a website, looked up the Secret Service, and checked the phone number to make sure it was accurate. That's a very specific task that they don't exactly have extra time for.
And they wouldn't think that that's how you did it.
They wouldn't know how to look because the number works. The 425 area code in Seattle that you call when you get the Secret Service DC during that time routed into their switchboard. That was it.
The Secret Service agents, there are three of them, and we're in this maybe 20×20 room in the little lobby that they have in downtown Seattle. After 15 minutes, they asked me to leave. I said, “OK, I can prove this. And if I can't in five minutes, I'll leave. Call the DC Office of the Secret Service.”
Knowing he's probably got an Android, and knowing that he's going to search either Google Maps or just Google, Secret Service Washington, DC, or Washington, DC Secret Service, any combination of those four words, that's basically what anyone would look for. That result at the top was mine. He pushes the call button, but because the UI is so narrow, it doesn't actually show the phone number for you to even notice there's a problem. It just has a call button.
You push call. Someone answers. He goes, “Yeah, this is agent So and So in Seattle. Yup. Oh, no, we're just investigating something. Yeah. Hey, thanks, man.” They had a prior relationship. They've known each other before. Maybe called this number before.
Everything went according to plan, and then I got a notification that said, “Do you want to listen to your new marketing call campaign recording for Secret Service?” And I guess I would, yes, yes, yes. I push play, I put on speakerphone, and now we heard the phone ringing. You hear the guy, Secret Service. He sounds so cool like a guy on the radio and like the tower…
That wears sunglasses.
Right. It's not, Secret Service, like hi. He's not cheerful at all. Nobody heard the whole conversation. The other two agents and I now could hear the other dude. They lost their sense of humor, and then I lost all my stuff.
I don't know the story. Did they actually charge you with anything?
No, they didn't.
That's good.
For four hours, I had to sit in the guest suite. It's less of a suite, more of a small room with no windows, a little table, handcuff bar. I didn't get handcuffed at any point. I did get a form that said, “Here are your Miranda rights. Do you understand them?” But I wasn't under arrest, and I wasn't detained officially.
How old were you?
I was 30.
OK.
Eighteen would have been perfectly fine to know that that was a bad idea. But at 30, I really should know. Four hours later, I got to explain this over and over and over and over and over and demo, but it took a while to demo because I had to tether to my phone. They wouldn't let me on their Wi-Fi.
I wonder why.
Right. Thinking about it gives me a little bit of anxiety. Because I didn't get caught, I didn't try to tell other people about it. I went directly to them not knowing what the consequences would be, and any reasonable person's idea would be, “Oh, yeah, you're going to jail.” Despite that I did the right thing, they didn't charge me. There was no criminal intent, which is necessary in prosecution.
Wow.
Very, very lucky.
Yeah.
Some people said on Twitter, it went crazy because Gawker did a story about it, then Engadget, and then Gizmodo. They had already done stories on the Edward Snowden secret hiding place, Zoolander School of Kids Who Can't Read. That did OK, but this was, “Oh, crap,” because they played two of the calls that I had sent Gawker.
You can hear what I heard when I listened to some of the calls I was able to report. I didn't listen to more than two because you don't want to hear something you can’t unhear. I'm like, “Oh, crap. Yeah, I'm going to end up in a burlap sack.” I get itchy really bad, so burlap, not so much.
How many calls did you end up recording? Like 30 calls?
Forty.
That must have been live not for very long then?
I turned it off. I switched it back over and stopped recording calls, but the pipes still worked like the man in the middle.
The call forum was effectively still there?
Yeah, I just didn't want to record any more. Apparently, that was a good idea, but too late because each call was five years in prison. I'm not a math expert, but I'm guessing 200 is more than I've got.
No offense. I'm surprised they didn't get you for recording a call without someone's permission.
Both people, yeah.
I've heard of much less in other states when it's not the government.
People have gone to jail for the Three Strikes rule, and combined, those crimes were less than this one. I don't know. Is it that I had a top secret clearance in the Marines? Is it white privilege? I don't know what it is. I'm not saying it exists or not. But if it does, this is it.
Did they explain why they took such a delicate hand with you?
Because it was so stupid, and that I was trying to help, and there was no criminal intent. They said, “No, you're not allowed to do this again.”
And if you do, you're in trouble?
Yeah, that was it. That's where it stopped. I know that I'm being watched. I know that I don't jaywalk. I put my recycling in the correct bins. We're just minding our Ps and Qs, that's what we're doing.
Do you have a sense that they're monitoring you to this day?
No. Not any active. But if it was, if I ever did, I would feel safer in general. Nothing bad is going to happen to you if you've got people watching you.
Unless they're the ones that are coming to collect you.
And that would be fair. I've had a good run. Who am I going to get mad at? They didn't make me do it.
And they treated you very fairly?
They did. I can't think of anything that I have a right to complain about.
Is this at all one of the, “Now that I've done this, they want to hire me to do other stuff for them”?
Everyone says that, but God, no. No one ever thought like, “Hey, you know that idiot who came in here yesterday? We should totally hire him.” It wasn't that at all. It wasn't particularly technology-centered. It was a logic flaw and using a system that was designed a certain way, but there were loopholes on how you could get Google Maps businesses online. It wasn't like I hacked a router, broke into an NSA database, or whatever any sensational hack looks like.
You effectively didn't do anything that anybody else could have done. Anybody else can update a business.
But the fact that no one else saw it and saw to do that was that really good judgment on everyone’s part.
I wonder if there were any more nefarious instances of that going on that we just don't know about.
That's terrifying. You can't detect it.
You can't detect it. Like you said, I didn't hack into Google and get into their back end to change stuff.
I've had people. One guy, in particular, who's the CISO for a Fortune 500 said that they've found Google Maps locations for company people pretending to be their company so that they give legitimacy to a subdomain or a phone number, so people can go and look them up and they find this link. If you include it in the email signature, it shows up as a real place. Whether I caused that or inspired people, that remains to be seen. No one's given me credit, so thank you for not doing that.
I totally see that someone running a scam or a con job is going to backstop their story, so to speak.
It's a way to gain legitimacy.
Yeah. Do you see that's still happening on Google Maps?
Yes.
And has Google ever had a conversation with you about it?
Not really, no. I've given suggestions to other people who work with them. I don't think that they want to work with me. I don't blame them. If I'm persona non grata, I get it. Totally fair.
It only came out of them being extremely stubborn and saying, “What you're saying is impossible. We’re ignoring it.” It wasn't trying to collect a bug bounty or anything. They're like, “You're you and we're Google. You go ahead and just get out of here.”
It technically wasn't a bug; it was a feature.
I designed it.
There was nothing technically wrong. It was just implemented in such a way that it could be easily exploited.
Right. It comes down to even pen-testing or cybersecurity in general. Some companies actively pen test. Those guys, in their personal life, probably go to therapy regularly because therapy is a lot like pen-testing. You're finding problems and going, “Oh, that's a big deal. I hate my father, or my mom was controlling.”
Whatever the thing is, you have to deal with it. You untangle that knot and then move forward. You find the problem, fix the problem, and then start over again. The faster you can get that cycle going, the more problems you find, the more safe and secure your company will be, or the better off you'll be mental health-wise.
Some people think, “Hey, you know what? No. Therapy's not for me. That's for other people. I don't talk about feelings. I'm going to hold them in here, then I'll die someday, and I'll never have to deal with it.”
They hide breaches. They cover up screw-ups because they think it'll make them look weak, when in reality it just means you're on the Internet. Good luck not getting breached.
They hide breaches. They cover up screw-ups because they think it'll make them look weak, when in reality it just means you're on the Internet. Good luck not getting breached. -Bryan Seely Click To TweetIt's either you've been breached, or you don't know that you've been breached.
Right. Most people agree that salting and hashing passwords or databases of credentials is a great idea. If you do that, then you're assuming that you're going to get breached, and that's a good thing to have happened. But being super cocky and going, “No, we're never getting breached. We don't need to do any of that.” That just adds headache. Super negligent.
There's a million other analogies like that in tech. Some people want to cover stuff up, and they don't want to admit that they made a mistake. That's the first step in making another mistake.
Some people want to cover stuff up, and they don't want to admit that they made a mistake. That's the first step in making another mistake. -Bryan Seely Click To TweetYeah, it’s hiding things. What is that—the coverup is almost always worse than the crime?
Yeah. I think we're going to start seeing more people prosecuted for something like that. It happened recently. I'm not saying that that was deserved or not, but the first case where the Uber CISO was Sullivan, was at probation. I don't know whether he got sentenced for this.
I think so; he was.
Yeah. Good guy, though. It sucks, but someone's got to go first, I guess.
I'm sure there are plenty of businesses that have been hacked. They knew they were hacked, they knew they were breached, and it's like, “We're just not going to say anything and hope no one ever finds out.”
Right. I got a call from a news reporter a couple of years ago that Washington State University had to send out—I think it was Washington State, let's just say—had to send out letters to all the people that were breached. That cost alone was $30 million to send out letters in envelopes and mailings. They have insurance and that $30 million.
Gosh, that's crazy.
Forever stamps are 50¢, not even. That's a lot of people. They think they'd get a better rate or something.
Bulk mail. Just send it to everybody.
Just skywrite it. Drive across the country in a Cessna, it'll be cheaper.
Yeah. I'll ask you a question. I just did an interview with Jessica Barker, and I asked this question.
She's brilliant.
She is. Great conversation. It's the previous episode. I'll ask you the question that I asked her, and we'll probably get the same answer, but I'm curious. The notifications that you get—“Hey, we value your security, but […]. Our security is the most important thing, but we got breached, and your life has been dumped on the public internet.” Do you think that's the right approach for the company to start off saying, “Hey, we value security,” and then follow it up with “but we messed up” without saying the words, “but we messed up”?
I can understand why people do it. I don't think it's the most honest. Reeks of lawyers who don't want to admit liability or culpability. There's all these little things to try to mitigate damage, because 99% of the people are going to react one way but then 1% are going to react in a different way. You have to play to those 1% who are going to be a-holes about it and try to find a way to exploit it.
I get it, but I'd love an honest company that's being like, “Hey, we screwed up here. Here’s how we're going to fix it,” understanding that I can't go and teach a class on how to keep your family safe by showing everything that I do and every brand of router. That eliminates certain variables in the equation to now people know exactly what to target.
We were talking offline about geo-guessers, and my screen name is Bryan the Maps Guy, which I wish I could change. I just don't have the creativity to come up with some leet hacker thing. There are some people who have really clever names.
Turn the Es into threes.
I thought about doing that for my license plate, like hacker with the three is the E, but I ended up going with a disabled Marine Corps Vet plate that says Dadbod.
There we go.
It's gotten so much more laughs, and it's way better in my opinion. Talking about geo-guessing, and people being able to look at something really obscure and specific and tell you exactly where in the world it was or based on the color of the soil, holy cow. I can't risk talking about specific stuff.
I can't understand why companies won't exactly say, “We use this as our SIEM solution. This is our antivirus, and this is our this.” You'd have to go and get a job there to figure out what their security stack looks like. That's not unreasonable if a nation-state wants to target somebody, but lazy entrepreneurial types who are overseas aren't exactly going to be able to get a job in downtown San Francisco. You'd have to actually go there, actually pass the exam, and figure out how to live in San Francisco.
You already have to come into San Francisco being independently wealthy just to get a job in San Francisco.
Yeah. If you make $100,000 a year, you're poor. I think The Onion had an article about that. A couple who has a six-figure income tours best tent city in San Francisco.
There was a Babylon Bee episode about, instead of house hunters, it was tent hunters. The couple had $600,000 going to buy a place in LA. It's like, “OK, here's your one-bedroom tent.”
Plenty of sun through the hole in the fabric.
It was a selling feature—lots of sunlight. When we're talking about geo-guessing, based on a tiny photograph with a little bit of stuff in the background, it's scary because I think we incidentally do broadcast a lot about our security posture.
I had the realization awhile back. I was talking with someone about security, and I realized that I have a security system. There was a little sign outside the front door saying the name of the company. It was not ADT, thank you very much.
It's the first thing in my head, though.
It was the realization that, oh, I just gave somebody an attack vector to, “Hey, this is So and So calling from insert name of security company. Hey, there's a fault in your system. We need to come in and fix it.”
Right. If you had one for ADT, one for Ring, one for Comcast, and then just the NRA just as a good measure, if you had the four hexagons sitting in front of your house, people are going to be, “Uh-oh.”
I routed the phone numbers all through the system that I could record and redirect them.
Not a bad idea.
But it made me realize that there are little things that we do that we think are…I’m increasing my security by having a little sign out here saying that I have a security system. When in fact, while it may help me against the burglar, it's not helping me against someone who's actually trying to attack on a cybersecurity.
Bumper stickers, there's an infographic going around about people who like hiking. You can tell a lot about people once they start putting all these identification things on their bumper. How many kids you have incrementing down.
You can tell a lot about people once they start putting all these identification things on their bumper. -Bryan Seely Click To TweetWhere you like to travel because you've got the little Hawaiian Islands thing on there. My kid was an honor student. Now I know where your kids go to school.
The Hawaiian Islands is what always confuses me because you didn't drive.
But I rented the car when I was there.
Right, it got the bumper sticker and then you flew back, so you're not road tripping. But you have money if you're going to Hawaii because, oh, my God, it's expensive.
That's the thing. There are so many little things on how we keep track of all the little things that we do that disclose information about us that we don't realize that we're disclosing.
Right. If you're paying attention and you travel internationally, I mean I stick out like a sore thumb. I'm 6'4” and that's barefoot. I'm already tall and white. I mean white, white like opening-up-the-refrigerator-and-get-a-sunburn white.
If anyone's looking at the recording, I'm pink. So I can relate.
And the tattoos, you can deduce I'm probably from the US or one of three or four countries, maybe UK, maybe Canada, but just the way that I dress and then as soon as I start talking. There are lots of things like that that give off and give indicators away if you're paying attention. You just have to get OK with some of them and be like, there's no way you're going to hide all this stuff. That's the impression they're going to take.
I guess the question is knowing which stuff we should let be disclosed and which stuff we shouldn't let be exposed.
I would turn off Bluetooth on your phone and WiFi on your phone. If your WiFi automatically connects to known networks, people can do things like wardriving and collect SSID information from lots of different sources, like Starbucks or the airport, and they can create towers. I've heard about nation-states doing this, like cell towers at airports. When people immediately land and they turn their phone on, it's collecting information from their phone off a cell tower that's not company owned. It's like a man in the middle.
You're going, “Oh, great. I've got cell service.” You don't notice that that cell tower is controlled by somebody else. There's no way to know because it looks correct. If you're automatically connecting to WiFi that you've done before, somebody can spoof one that you've connected to before. Now you're just, “Oh, yeah. This is my friend.” No, it is not.
You mean anybody can create a WiFi called Starbucks WiFi?
Anybody can, yes.
Or a free airport WiFi?
Right. A friend of mine does this for presentations. He will walk around and collect people connecting to him, or […] and then they could reconnect. He shows that during a presentation, all the information you're able to get, like MAC addresses, names of their phone, and it gets a lot of intel.
I think when you're in a crowd of people, you're an incidental person in a crowd. But when someone’s specifically targeting you, then it becomes more nefarious.
How many enemies do you have? Because if you've got a bunch of them, maybe yeah, be more vigilant, or maybe don't be a dick. But if you're just caught up in spam or a big net because they're being lazy, and they're sending email to everybody, you have less to worry about. That's why animals herd, the whole thing…
Safety in numbers.
Yeah. Zebras and their stripes, they're really easy to see by themselves. It's not camouflage, until you see a bunch of them together and you're like, “Where does that zebra start and the other one end?” It's only a camouflage when they're in a group.
I haven't thought about that, but yeah, that makes perfect sense. That's really good. How do we camouflage ourselves or our groups? Don't name our iPhones?
Yeah. I leave mine as iPhone(564). It keeps incrementing if you don't do something with it. I don't even know what causes the incremental, it just keeps going up, which is fine by me. Just knowing that that stuff is available and visible because you're going to have to teach your kids.
We've all accepted that when you buy a car, that's on you. It's not on Ford to teach you when you need to change your oil. The classic like, “Oh, I taught my kids how to change a tire and change their oil.” Show them how to set up an MFA and why it's important. If they think, “Oh, stupid,” then you didn't do your job because they think it's stupid. And that's incorrect.
The classic like, “Oh, I taught my kids how to change a tire and change their oil.” Show them how to set up an MFA and why it's important. If they think, “Oh, stupid,” then you didn't do your job because they think it's stupid. And… Click To TweetIt isn't like, “Well, I don't like broccoli.” You're going to be like, “OK, well, each person has their own tastes.” I don't like broccoli, fine. It's not a binary thing. Like, that can be OK. Not doing the security stuff correctly isn't OK.
If you don't teach them about online privacy or what the scams are, you don't have to go into super big detail, but an eight-year-old's knowledge of the Internet versus a 15-year-old or 16-year-old should be different. You should be helping them along with that as best as you can.
Are you an MFA purist that one form is only the right form?
No. I avoid text messages if it's possible. I probably have all the authenticator apps, depending on which one I opened at that point, or which one it requested, or if there's a specific one like Microsoft, Google, Duo, all of them. They're all in their own little folder.
This was my folder of authenticator apps.
Right, that's pretty much it. YubiKeys are pretty hard. As far as I know, there's no way to really break them, or there's no hack that defeats their security.
But it's a matter of losing it.
I stopped drinking, and all of a sudden, my phone stopped breaking. I stopped losing stuff. I've never left my debit card at a bar, I've never lost my phone in a cab, and I haven't lost a YubiKey. In fact, I have too much stuff. I need to start losing stuff.
I did lose a credit card in a parking meter. I put it in the slot, and it just kept going with clink clink inside the machine. I'm like, “Oh, that's a problem.” I'm like, “Oh, I’ve got to cancel that card.”
Yeah, seriously. Knowing that I take photos of all of my cards and keep them in an encrypted backup. If I do need to cancel them, I know what the number is, I know what the CVV code is, and I know what the customer service number is off the bat. You only need the number after you lose it.
Yes, you never need it before. Oh, now that I've lost the card, I need the customer service number. I need to get ahold of the fraud department. What's the best number? Go Google that. Google My Business. Oh, no, I'm just coming up with too many ideas, and all of them are wrong.
And you forget that they might not be good ideas. It's hard enough to find things that you enjoy doing as an adult on a day-to-day basis. If something's like, “Wow, it's this magical event. I have energy and motivation to do this thing. Screw legality. This is a holy cow. I care.”
Speaking of that, why do you like talking about cybersecurity?
I have no idea. It's so boring sometimes. It is. I like educating people, and I like making it funny. If I can make it funny and people can pay attention, they can learn something. It's something that I have credibility in because of stupid things that I did. It's enough of a story that people go, “Oh, I want to hear what this guy has to say.”
It's an opportunity to not lure, but it's a hook. Wiretap the Secret Service. I got to listen to this train. I get to say, “OK, well, MFA is important, and here's why. This is important, and here's why. And this is important, and here's why.”
I've gotten to meet so many amazing people. I got a football from Steve Young. I spoke to his organization. I got to be on John McAfee's board. I got an endorsement from Mark Cuban in an article by Brian Krebs. I think that's winning, sort of.
You've hit the trifecta.
No one's getting McAfee's endorsement anymore. However, I'm co-writing my book with a ghostwriter, but he's not ghostwriting my book. He's helping me write it, and he wrote McAfee's bio. He traveled with him. He was in the documentary.
This guy's an amazing writer and getting to meet people at a level that's been in the industry for a long enough time that it becomes a small world. You get to meet the founder of whatismyipaddress.com. I've known about you adjacent to this website forever, and that's really cool. Meeting people who built stuff that's key is cool.
It's surprising how much that comes up in conversation. I'm like, yeah. “Hey, what do you do?” “I own this website called whatismyipaddress.com.” Like, “Oh, hey. I used that last week. You own that? That's really cool.” It's a really weird experience from time to time.
It's like, but it's free. Yeah. Like, how do you make money? Well, that's complicated. It's probably evolved quite a few times over the years.
Do you want to know how much I make from each person visiting the website?
Almost nothing.
Almost nothing, but there's just a whole bunch of them.
Yeah, it's an aggregate.
Yes.
It's office base and Superman but without the superhero or the movie.
Or the crime. It's not a bank heist. Really, it's not a bank heist.
I can imagine, the way advertising and stuff works, it's got to be challenging to keep it like, OK, but if it's your only source of income, you've had time to build something else.
It's really been a fun business to build. Even doing the podcast over the last couple of years, just meeting some really neat people. Sometimes it gets me in the door when I otherwise wouldn't be able to get through the door.
When you ran out of neat people, you met me?
Exactly. I didn't run out of neat people. There's just so many neat people out there, I just have to find them.
Good luck, I've been trying. There are really a lot of cool people doing a lot of cool things. Being able to even know some of them, work around them, and try to help and be of use, that's the day to day now.
It's nice to be able to do something like I'm trying to help people. I'm helping people as opposed to I'm making a living off of people, if that makes sense.
Right. You can make a living and not have to feel bad about it, and that isn't the reason that no one can change or take away your intention. We still haven't figured out how to determine someone's intention. Anytime you see machine learning or AI claiming like we can tell bad traffic from good traffic, no, you can't. No, you can't. You're lying.
We can't prove it in court, either. You can only reasonably conclude someone did something maliciously, but maybe it was accidentally or maybe it was stupidly. Maybe it was one thing or another, but you can't prove it. When people can prove it, that will be an interesting day.
Yeah, that would be a scary day. Maybe it will be a good day, I'm not sure, probably more scary than good.
Well, then you're into that minority report level, or it's like, “Oh, you had a bad thought. Kill them.”
Yeah, the thought police. No, we don't need thought police.
I should get credit for not all the bad things that I did that I thought of, and only doing the good ones.
Pay me for the things I didn't do as opposed to the things I did do.
Come on, keep it coming.
OK, this has been a blast of a conversation, but we need to wrap up. If people want to find you online, we know they can't find you by finding Bryan Seely on Twitter because that's not the name you use. How can people find you online?
Twitter is @bryanthemapsguy. You can look up Bryan Seely, wiretapping Secret Service, or Bryan the maps guy. I'm on LinkedIn, Twitter for at least a little while before it completely goes to hell.
At the moment, you have a knowledge graph on Google.
Do I?
You do.
Is it measuring my knowledge?
No, you come up in the sidebar of a noteworthy individual.
No kidding. I didn't know that.
Even without a Wikipedia reference.
I do know I don't have a Wikipedia.
But usually, those come from Wikipedia, and I was like, “Oh, hey. This is cool.”
I had ChatGPT try to write Wikipedia just to see how funny. He has some children and lives in a place. It didn't do its research, but it was really funny, that one.
I typically am on LinkedIn or Twitter. I'm happy to answer questions. I'll be speaking in Luxembourg in about three weeks. I was just in Abu Dhabi with Fortinet. I'm going to be converting my career into more mental health stuff and cybersecurity as I've finished up a book, but I'm around so it's not hard to find me. But if you're the one looking for me, then you've gone down a weird rabbit hole.
It's been a fun discussion. It wasn't weird at all. This was a ton of fun. It's nice to have the lighter side of cybersecurity conversation and not be so, “We're all going to die.”
So many people have that “We're all going to die” covered.
OK, I'm not going to go there any further then.
I really appreciate you having me on, Chris. Good to be here.
Bryan, thank you so much for coming on today.